Guardium uses security roles to grant access to data (groups, queries, reports, etc.) and to grant access to applications (Report Builder, Policy Builder, CAS, Security Assessments, etc). By default, when a component is initially defined, only the owner (the person who defined it) and the Guardium admin user (who has special privileges) are allowed to access and modify that component.
You can allow other users to access the components you define by assigning security roles. For example, if you assign a security role named DBA to an audit process, all Guardium users assigned the DBA role will be able to access that audit process.
Open or select the item to which you want to assign one or more security roles (a report definition, for example).
Click the Roles button.
In the Assign Security Roles panel, mark all of the roles you want to assign (you will only see the roles that have been assigned to your account).
Click Save.
By default, only the special accessmgr user is allowed to create or remove security roles.
Select Security Role Browser from the Access Management menu.
Click the Add Role link at the bottom of the table of roles.
In the Role Form panel, enter a new role name in the Role Name box.
Click the Add Role button.
By default, only the special accessmgr user is allowed to create or remove security roles. To remove a role assigned to a component, see Assign security roles to a component, above.
Select Security Role Browser from the Access Management menu.
Click the Remove link for the role in the table of roles, and confirm the action.
TBD from Admin Guide